CN115001904A - High-availability NAT gateway design method - Google Patents


Publication number
CN115001904A
Authority
CN
China
Prior art keywords
nat
leader
availability
processor
service
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210596790.9A
Other languages
Chinese (zh)
Inventor
刘立京
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ziguang Construction Cloud Technology Chongqing Co ltd
Original Assignee
Ziguang Construction Cloud Technology Chongqing Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Ziguang Construction Cloud Technology Chongqing Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0654 Management of faults, events, alarms or notifications using network fault recovery
    • H04L41/0668 Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0876 Aspects of the degree of configuration automation
    • H04L41/0886 Fully automatic configuration
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention provides a high-availability NAT gateway design method, which comprises the following steps: S1, creating a NAT cluster and selecting a leader through an election module; S2, issuing the configuration to the leader server; S3, the agent periodically pushes the configuration to the standby services; S4, performing periodic monitoring to judge the state of the virtual machine, continuing to monitor if the state is normal and otherwise executing step S5; S5, triggering the election mechanism and switching over the function; S6, providing the service externally through the new leader, and then performing step S2. The beneficial effects of the invention are: the method increases the availability of the gateway function, ensures continuous service, allows the number of gateway services to be expanded dynamically, and synchronizes the configuration automatically, so that the configuration does not need to be reissued after a virtual machine goes down and service is provided quickly.

Description

High-availability NAT gateway design method
Technical Field
The invention belongs to the technical field of private cloud, and particularly relates to a design method of a high-availability NAT gateway.
Background
A VPC (Virtual Private Cloud) is a custom, private, isolated network environment that a user requests from a cloud service provider. The user's cloud services are all built on the VPC and are processed inside it. If a user wants to interact with an external network, one way to do so is through a NAT gateway: the user accesses the Internet through the NAT gateway function and thereby provides services. In the current scheme the NAT gateway function is implemented on a hardware firewall, which has a specification bottleneck; an open-source software implementation removes the dependence on hardware equipment and so improves the flexibility of the network architecture. However, open-source NAT has a defect: it cannot achieve high availability and exists only as a single-machine version. If the virtual machine running the NAT goes down, the services in the current VPC cannot access the external network, and the user's services are affected.
Disclosure of Invention
In view of the above, the present invention is directed to a method for designing a highly-available NAT gateway, so as to solve at least one of the problems in the background art.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
In a first aspect, the present disclosure discloses a method for designing a high-availability NAT gateway, including the following steps:
S1, creating a NAT cluster and selecting a leader through an election module;
S2, issuing the configuration to the leader server, wherein the leader server stores all IP addresses of the cluster;
S3, each gateway service has an agent; the control plane issues the configuration to the leader server, and the leader's agent periodically pushes the configuration to the other servers of the cluster;
S4, performing periodic monitoring to judge the state of the virtual machine; if the state is normal, monitoring continues, otherwise step S5 is executed;
S5, when the leader is abnormal and crashes, the control plane triggers the election mechanism and pings the other servers in the cluster at random; if a ping succeeds, that server is elected leader, the function of the previous leader is switched over to the new leader server, and the configuration of the old leader is cleared;
S6, the service is provided externally through the new leader, and then step S2 is performed.
Further, in step S1, a NAT product is created, and a cluster of NAT services is created, where the NAT services run on different servers.
Further, in step S1, a leader is selected by the election module, and the role of each NAT service is divided.
Further, in step S2, the NAT configuration is issued on the leader service, and the configuration is pushed to other standby services.
Further, in step S4, the monitoring module of the control plane continuously monitors the state of the virtual machine, including the connectivity of the link, and if the state in the cycle is normal, the monitoring of the next cycle is performed.
Further, in step S4, if the leader virtual machine is found to be abnormal, an election operation is immediately performed to switch the service to the new leader to provide the service, and since the configurations are all synchronous, there is no need to reissue the configurations.
In a second aspect, the present disclosure discloses an electronic device, which includes a processor and a memory, wherein the memory is communicatively connected to the processor and is configured to store executable instructions of the processor, and the processor is configured to execute the method for designing a high-availability NAT gateway according to the first aspect.
In a third aspect, the present disclosure provides a server, including at least one processor, and a memory communicatively connected to the processor, where the memory stores instructions executable by the at least one processor, and the instructions are executed by the processor to cause the at least one processor to execute the method for designing a high-availability NAT gateway according to the first aspect.
In a fourth aspect, the present disclosure discloses a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the method for designing a high-availability NAT gateway according to the first aspect is implemented.
Compared with the prior art, the method for designing the high-availability NAT gateway has the following beneficial effects:
The high-availability NAT gateway design method increases the availability of the gateway function, ensures continuous service, allows the number of gateway services to be expanded dynamically, and synchronizes the configuration automatically, so the configuration does not need to be reissued after a virtual machine goes down and service is provided quickly.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
Fig. 1 is a schematic diagram of a design scheme of a high-availability NAT gateway according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of an implementation procedure according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
A VPC (Virtual Private Cloud) is a custom, private, isolated network environment that a user requests from a cloud service provider. The user's cloud services are all built on the VPC and are processed inside it. If a user wants to interact with an external network, one way to do so is through a NAT gateway: the user accesses the Internet through the NAT gateway function and thereby provides services. In the current scheme the NAT gateway function is implemented on a hardware firewall, which has a specification bottleneck; an open-source software implementation removes the dependence on hardware equipment and so increases the flexibility of the network architecture. However, open-source NAT has a defect: it cannot achieve high availability and exists only as a single-machine version. If the virtual machine running the NAT goes down, the services in the current VPC cannot access the external network, and the user's services are affected.
To solve the problem that a single NAT instance going down affects services, a primary/standby scheme is provided. That is, n (n ≥ 2) virtual machines are created; they run on different servers and all run the NAT function at the same time. Only one of the n virtual machines provides service externally, and the rest serve as backups. The control plane performs leader election. The virtual machines synchronize their configuration automatically through pre-installed agents. The control plane issues the configuration to the leader virtual machine and informs it of the IP addresses of the slave virtual machines. The leader continuously notifies the slave virtual machines to synchronize the configuration, which keeps the configuration consistent across the n virtual machines. The control plane continuously monitors the state of the underlying virtual machines; if a virtual machine is down or abnormal, the leader is re-elected, the faulty virtual machine is removed, and the new leader virtual machine starts to provide service. After the virtual machine is repaired, it is added back to the cluster as a slave virtual machine. High availability of the NAT function is thereby achieved.
There are two core points. First, how the election is done: a fast approach is used here, in which the first server whose ping succeeds and returns becomes the leader. Second, how the state of the virtual machine is monitored: the control plane has a monitoring module that obtains the state of the virtual machine by continuously querying a preset service inside the virtual machine, and a re-election is performed when an abnormal condition occurs.
The flow chart is shown in fig. 2, and the steps are as follows:
1. Create the NAT product and create a cluster of NAT services running on different servers.
2. Select a leader through the election module and assign a role to each NAT service.
3. Issue the NAT configuration on the leader service, and push the configuration to the other standby services.
4. The monitoring module of the control plane continuously monitors the state of the virtual machine, including the connectivity of the link. If the state in the current period is normal, monitoring continues in the next period.
5. If the leader virtual machine is abnormal, an election is performed immediately and the service is switched to a new leader; because the configuration is already synchronized, it does not need to be reissued.
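The flow in steps 1 to 5 (S1 to S6 of the first aspect), simulated in Python as an added example; it is not code from the patent. The class and method names, the IP addresses and the SNAT rule are assumptions made for illustration, and a single `alive` flag stands in for both the ping and the preset-service health check.

```python
import random
from dataclasses import dataclass, field


@dataclass
class NatNode:
    """One NAT virtual machine plus its pre-installed agent (simulated)."""
    ip: str
    alive: bool = True
    config: dict = field(default_factory=dict)
    peers: list = field(default_factory=list)  # standby IPs; used by the leader

    def ping(self) -> bool:
        return self.alive


class ControlPlane:
    def __init__(self, nodes, seed=None):
        self.nodes = {n.ip: n for n in nodes}
        self.rng = random.Random(seed)
        self.leader = None

    def elect(self) -> str:
        """S1/S5: ping members in random order; the first to answer leads."""
        candidates = list(self.nodes)
        self.rng.shuffle(candidates)
        for ip in candidates:
            if self.nodes[ip].ping():
                self.leader = ip
                self._send_peer_list()
                return ip
        self.leader = None
        raise RuntimeError("no reachable NAT node left in the cluster")

    def _send_peer_list(self):
        # The control plane tells the leader the IP addresses of the standbys.
        leader = self.nodes[self.leader]
        leader.peers = [ip for ip in self.nodes if ip != self.leader]

    def issue_config(self, config: dict):
        """S2: the configuration goes to the leader only."""
        self.nodes[self.leader].config = dict(config)

    def agent_sync(self):
        """S3: the leader's agent pushes its configuration to the standbys."""
        leader = self.nodes[self.leader]
        for ip in leader.peers:
            if self.nodes[ip].alive:
                self.nodes[ip].config = dict(leader.config)

    def monitor_cycle(self) -> str:
        """S4-S6: one monitoring period; fail over when the leader is abnormal."""
        old = self.nodes[self.leader]
        if old.ping():
            return self.leader            # normal: keep monitoring
        del self.nodes[old.ip]            # remove the faulty VM from the cluster
        old.config, old.peers = {}, []    # clear the old leader's configuration
        return self.elect()               # new leader serves its synced copy

    def rejoin(self, node: NatNode):
        """A repaired VM returns as a standby; the next sync fills it."""
        node.alive = True
        self.nodes[node.ip] = node
        self._send_peer_list()


def demo(seed=7):
    # Constructed sample data: addresses and the SNAT rule are illustrative only.
    nodes = [NatNode("10.0.0.11"), NatNode("10.0.0.12"), NatNode("10.0.0.13")]
    cfg = {"snat": [{"src": "192.168.1.0/24", "to": "203.0.113.10"}]}
    cp = ControlPlane(nodes, seed)
    first = cp.elect()
    cp.issue_config(cfg)
    cp.agent_sync()
    failed = cp.nodes[first]
    failed.alive = False                  # the leader VM goes down
    second = cp.monitor_cycle()
    served = dict(cp.nodes[second].config)
    cp.rejoin(failed)
    cp.agent_sync()
    return {"first": first, "second": second, "served": served,
            "rejoined": dict(failed.config), "expected": cfg}
```

Because the agent push is periodic, a standby elected between `issue_config` and the next `agent_sync` in this model would hold the previous configuration; the return to step S2 after S6 is where the control plane would issue it again.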
Those of ordinary skill in the art will appreciate that the elements and method steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described generally in terms of their functions in the foregoing description in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided in the present application, it should be understood that the disclosed method and system may be implemented in other ways. For example, the division of the above-mentioned units is only a logical function division, and other division manners may be available in actual implementation, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. The units may or may not be physically separate, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and should not be taken as limiting the scope of the present invention, which is intended to cover any modifications, equivalents, improvements, etc. within the spirit and scope of the present invention.

Claims (9)

1. A method for designing a high-availability NAT gateway, characterized by comprising the following steps:
S1, creating a NAT cluster and selecting a leader through an election module;
S2, issuing the configuration to the leader server, wherein the leader server stores all IP addresses of the cluster;
S3, each gateway service has an agent; the control plane issues the configuration to the leader server, and the leader's agent periodically pushes the configuration to the other servers of the cluster;
S4, performing periodic monitoring to judge the state of the virtual machine; if the state is normal, monitoring continues, otherwise step S5 is executed;
S5, when the leader is abnormal and crashes, the control plane triggers the election mechanism and pings the other servers in the cluster at random; if a ping succeeds, that server is elected leader, the function of the previous leader is switched over to the new leader server, and the configuration of the old leader is cleared;
S6, the service is provided externally through the new leader, and then step S2 is performed.
2. The method for designing the high-availability NAT gateway according to claim 1, wherein: in step S1, a NAT product is created and a cluster of NAT services is created, where the NAT services run on different servers.
3. The method for designing the high-availability NAT gateway according to claim 1, wherein: in step S1, a leader is selected by the election module, and role division is performed for each NAT service.
4. The method for designing the high availability NAT gateway according to claim 1, characterized in that: in step S2, the NAT configuration is issued on the leader service, and the configuration is pushed to another standby service.
5. The method for designing the high availability NAT gateway according to claim 1, characterized in that: in step S4, the monitoring module of the control plane continuously monitors the state of the virtual machine, including the connectivity of the link, and if the state in the cycle is normal, the monitoring of the next cycle is performed.
6. The method for designing the high availability NAT gateway according to claim 1, characterized in that: in step S4, if the leader virtual machine is found to be abnormal, an election operation is immediately performed to switch the service to the new leader to provide service, and since the configurations are all synchronous, there is no need to reissue the configurations.
7. An electronic device comprising a processor and a memory communicatively coupled to the processor and configured to store processor-executable instructions, wherein: the processor is configured to perform a method of designing a high availability NAT gateway as set forth in any one of claims 1-6.
8. A server, characterized by: comprising at least one processor, and a memory communicatively coupled to the processor, the memory storing instructions executable by the at least one processor to cause the at least one processor to perform a method of designing a high availability NAT gateway as recited in any of claims 1-6.
9. A computer-readable storage medium storing a computer program, characterized in that: the computer program when executed by a processor implements a method of high availability NAT gateway design according to any of claims 1 to 6.
CN202210596790.9A 2022-05-30 2022-05-30 High-availability NAT gateway design method Pending CN115001904A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210596790.9A CN115001904A (en) 2022-05-30 2022-05-30 High-availability NAT gateway design method


Publications (1)

Publication Number Publication Date
CN115001904A true CN115001904A (en) 2022-09-02

Family

ID=83029820

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210596790.9A Pending CN115001904A (en) 2022-05-30 2022-05-30 High-availability NAT gateway design method

Country Status (1)

Country Link
CN (1) CN115001904A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116055299A (en) * 2023-01-18 2023-05-02 紫光云技术有限公司 Method for optimizing cut-off after soft gateway fault recovery


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination